A collection of easy-to-deploy Terraform-based automations to accelerate incident response workflows in AWS environments.
Easy to deploy automations for incident response in AWS
This tool is designed for security teams and cloud engineers who need to quickly implement automated incident response actions within AWS. It enables rapid deployment of predefined automations to investigate, contain, and remediate security incidents, optionally integrating with Datadog for streamlined triggering and management.
Ensure Terraform is configured with appropriate AWS credentials before deployment. Review and customize permissions in Terraform code to follow least privilege principles. Testing automations in a controlled environment before production use is recommended. Datadog integration is optional but beneficial for teams using Datadog for monitoring and incident management.
Clone the repository to your local machine
Select the automation folder relevant to your incident response needs
Modify the Terraform configuration files to fit your AWS environment
Deploy the automation using terraform apply
Optionally, import the provided Datadog JSON workflow to your Datadog account
Test the deployed automation by simulating an incident and adjust configurations as needed
git clone https://github.com/adanalvarez/AWSIncidentResponseAutomations.git
Clone the repository to access the automations
terraform init
Initialize the Terraform working directory for the selected automation
terraform apply
Deploy the automation resources in AWS
Import Datadog JSON workflow
Add the provided Datadog workflow JSON to enable triggering automations from Datadog
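One way to carry out the least-privilege review recommended above before running terraform apply. This is an added example, not code from the repository. It reads the JSON form of a saved Terraform plan and lists IAM policies that allow wildcard actions or resources. The resource addresses and ARNs in the sample are constructed, and the choice of resource types to inspect is an assumption.

```python
import json
import sys

# Resource types whose "policy" attribute holds an IAM policy document.
IAM_POLICY_TYPES = {"aws_iam_policy", "aws_iam_role_policy", "aws_iam_user_policy", "aws_iam_group_policy"}

def _as_list(value):  # IAM accepts a single string or a list for Action and Resource
    return value if isinstance(value, list) else ([] if value is None else [value])

def wildcard_findings(plan):
    """Return (address, issue) pairs for planned IAM policies that need review."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        if rc.get("type") not in IAM_POLICY_TYPES or change.get("actions") == ["delete"]:
            continue
        raw = (change.get("after") or {}).get("policy")
        if raw is None:  # value is computed, so the plan cannot show it
            findings.append((rc["address"], "policy unknown until apply"))
            continue
        for stmt in _as_list(json.loads(raw).get("Statement")):
            if stmt.get("Effect") != "Allow":
                continue
            broad = [a for a in _as_list(stmt.get("Action")) if a == "*" or a.endswith(":*")]
            if broad:
                findings.append((rc["address"], "wildcard action " + ",".join(broad)))
            if "*" in _as_list(stmt.get("Resource")):
                findings.append((rc["address"], "resource is *"))
    return findings

# Helper that builds one constructed resource_changes entry (sample data only).
def _rc(address, action=None, resource=None, rtype="aws_iam_role_policy"):
    doc = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": action, "Resource": resource}]}
    after = {"policy": json.dumps(doc)} if action else {}
    return {"address": address, "type": rtype, "change": {"actions": ["create"], "after": after}}

# Constructed sample plan; addresses and ARNs are hypothetical, not from the repository.
SAMPLE_PLAN = {"resource_changes": [
    _rc("aws_iam_role_policy.broad", "ec2:*", "*"),
    _rc("aws_iam_role_policy.scoped", "s3:PutObject", "arn:aws:s3:::example-bucket/*"),
    _rc("aws_iam_policy.computed", rtype="aws_iam_policy"),
    _rc("aws_lambda_function.handler", rtype="aws_lambda_function"),
]}

if __name__ == "__main__":
    # Real input: terraform plan -out=plan.out && terraform show -json plan.out > plan.json
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address, issue in wildcard_findings(plan):
        print(f"{address}: {issue}")
```

Run it with the path to plan.json as the only argument; with no argument it checks the constructed sample.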